Interactive Risk Analysis Tool

A simple and useful interactive risk analysis template to consolidate your product analysis

Download the template
Learn about risk analysis

Every product that enters the EU, UK, or US market needs a documented risk analysis. Certification bodies and market surveillance authorities treat it as evidence. A missing or poorly structured risk file is one of the most common reasons a technical documentation review stalls or a product recall is triggered.

This free risk analysis tool lets you build a compliant, structured risk register directly in your browser, step by step. The tool follows the risk management process defined in ISO 14971 and the hazard classification approach of IEC 62368-1 and ISO 12100. No account, no installation, no cost.

You identify hazards, assign severity and probability scores, document mitigation measures, and calculate the residual risk. The result is a downloadable file ready to include in your technical file or design history file.

Before you start, it helps to understand what distinguishes a good risk analysis from a box-ticking exercise. Our article Risk Assessment: from Formality to Strategy explains the difference and is worth five minutes of your time first.

Tip: If you are building a risk analysis for a product that uses FMEA methodology, read our guide on best practices for effective FMEA implementation alongside this tool. The two approaches are complementary and are often used together in a single technical file.

Free Risk Analysis Tool — ISO 14971 & IEC 62368-1 | Regulatory Decoded
Regulatory Decoded
Free Tool Risk analysis guide FMEA best practices
Build your risk file step by step. Complete all three stages for each hazard before adding it to the register.
Step 01 Hazard identification
Step 02 Initial risk scoring
1 = Negligible  ·  3 = Significant  ·  5 = Catastrophic
1 = Remote  ·  3 = Occasional  ·  5 = Frequent
Initial RPN
1 low
Residual RPN
1 low
Step 03 Mitigation and residual risk
Score after mitigation is applied
Show:
# Hazard type Root cause Description S P Initial RPN Mitigation RS RP Residual RPN

No risks added yet.
Use the Add risk entry section to start building your register.
Initial risk distribution
Probability (P) →
Residual risk (after mitigation)
Probability (P) →
Legend:
Low (1–5)
Medium (6–14)
High (15–25)
Numbers inside cells = count of risks plotted there
Download CSV
Comma-separated file with all risk register columns. Opens in Excel or any spreadsheet application. Suitable for inclusion as an appendix in your technical file.
Download JSON
Structured machine-readable export with product metadata and full risk array. Useful for integrating this data into downstream tooling, PLM systems, or version-controlled design history files.
Print to PDF
Opens the browser print dialog. The page is formatted for clean printing: the form is hidden and the risk register table prints with product name, revision, and standard in the header. Save as PDF from the print dialog.
Download Excel template
The full interactive .xlsx template with pre-set formulas, colour coding, and a version history sheet. Use this as the master file for your technical documentation.
Download .xlsx
Severity scale (S)

Severity describes the worst-case harm that could result from a hazard, regardless of how likely it is. Score it independently from probability. This scale aligns with Annex C of ISO 14971:2019 and the energy class approach of IEC 62368-1:2023.

ScoreLevelDescriptionExamples
1NegligibleNo injury or discomfort expectedMinor localised redness, transient tingling sensation
2MinorReversible injury, no medical treatment neededSmall superficial burn, bruise, reversible skin irritation
3ModerateReversible injury requiring medical treatmentSecond-degree burn on limited area, fracture, electric shock requiring medical assessment
4SeriousIrreversible injury or disabling conditionPermanent partial disability, major burn, severe electric shock causing cardiac effects
5CatastrophicDeath or irreversible severe disabilityFatal electric shock, fire causing death, explosion
Probability scale (P)

Probability reflects how likely the hazardous situation is to occur and lead to harm, considering the intended use, foreseeable misuse, and the product lifecycle. Use field data, test results, or design review estimates.

ScoreLevelDescriptionIndicative frequency
1RemoteConceivable but extremely unlikely over product lifetime< 1 in 1,000,000 product-years
2UnlikelyLow likelihood; would require unusual combination of events1 in 100,000 to 1 in 1,000,000
3OccasionalCould occur during normal use; has precedent in similar products1 in 10,000 to 1 in 100,000
4LikelyProbable during normal use; reasonably foreseeable1 in 1,000 to 1 in 10,000
5FrequentExpected to occur repeatedly; inherent to use conditions> 1 in 1,000 product-years
Note: A low-severity risk with high probability (e.g. S=2, P=5 → RPN 10, medium) can be as damaging to your product reputation as a high-severity risk. Field failures, warranty claims, and user complaints often trace back to medium-level risks that were deprioritised at design stage.

How to Use the Interactive Risk Analysis Template

 

The tool follows the three-stage risk management process common to ISO 14971 and IEC 62368-1. Each stage maps to one of the form tabs.

Stage 1: Hazard identification

Start by selecting the hazard type and describing its root cause. Be specific. “Electrical shock due to insulation failure at the primary-secondary boundary under single-fault condition” is far more useful than “electrical hazard.” Vague descriptions make mitigation planning harder and weaken your technical file.

Stage 2: Initial risk scoring

Assign a severity score (1 to 5) and a probability score (1 to 5). The tool calculates the Risk Priority Number (RPN) as the product of the two. Scores of 15 or above are flagged as high risk and require mandatory mitigation before the product can be considered acceptable.

Stage 3: Mitigation and residual risk

Document the mitigation measure, whether that is a design change, a protective device, a warning label, or a user instruction. Then score the residual severity and probability after mitigation. The residual RPN must fall to an acceptable level. What counts as acceptable depends on the standard you are working to and the benefit-risk balance for your product category.

Note: Keep the risk file version-controlled. Every design change, test result, or field report is a trigger to revisit the document. Your risk analysis is living evidence, not a one-time deliverable.

Frequently asked questions about product risk analysis

Is this risk analysis tool compliant with ISO 14971? The tool follows the probability-severity matrix and risk acceptability approach described in ISO 14971:2019. It is designed to support, not replace, the full risk management process defined in that standard, which also requires documented risk management plans and post-market surveillance integration.

What is an acceptable residual risk score? There is no single universal threshold. ISO 14971 requires that residual risk is reduced as far as reasonably practicable and that the overall residual risk is judged acceptable in light of the product’s benefit. IEC 62368-1 uses energy source classification rather than a numerical RPN system, so acceptable risk is determined by the energy class and the safeguard applied.

What is the difference between initial risk and residual risk? Initial risk is scored before any mitigation is applied and represents the raw hazard. Residual risk is scored after mitigation and reflects what remains after controls are in place. Both must be documented in your technical file. Regulators and auditors check that the reduction is real and that the mitigation is proportionate to the severity.

Can I use this tool for CE marking technical documentation? Yes, as supporting documentation. CE marking under most EU directives and regulations requires a formal risk assessment referenced in the technical file. The output of this tool — exported as CSV, JSON, or printed as a PDF — can form part of that file, provided it is version-controlled, reviewed, and signed off by a responsible person.

Does this tool work for medical devices under EU MDR 2017/745? The scoring approach aligns with ISO 14971, which is harmonised under EU MDR 2017/745. However, medical device risk management has additional requirements — including benefit-risk analysis, post-market clinical follow-up, and PMCF planning — that go well beyond what any web-based tool can cover. Use this as a structuring aid, not a compliance shortcut.